{"id":3103,"date":"2024-03-06T17:45:10","date_gmt":"2024-03-06T17:45:10","guid":{"rendered":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-3-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-widget-meta-de-autor\/"},"modified":"2024-03-06T17:45:10","modified_gmt":"2024-03-06T17:45:10","slug":"happy-addons-para-elementor-3-10-3-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-widget-meta-de-autor","status":"publish","type":"post","link":"http:\/\/127.0.0.1\/happy-addons-para-elementor-3-10-3-cross-site-scripting-almacenado-autenticado-contribuidor-a-traves-del-widget-meta-de-autor\/","title":{"rendered":"Happy Addons for Elementor <= 3.10.3 – Authenticated (Contributor+) Stored Cross-Site Scripting via the Author Meta Widget"},"content":{"rendered":"
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts into pages that will execute whenever a user accesses an injected page.\n
The CVE-2024-1377 vulnerability in Happy Addons for Elementor up to version 3.10.3 allows malicious code to run on WordPress websites through the injection of scripts into pages. To mitigate this risk, users are advised to update to the latest version of the plugin as soon as possible. In addition, user role permissions should be reviewed and restricted to prevent malicious users from exploiting this vulnerability.\n
It is essential to keep all WordPress plugins and themes up to date to protect against known vulnerabilities such as this one in Happy Addons for Elementor. The security of a website is the responsibility of its owner, and prevention is the key to avoiding malicious exploitation.\n","protected":false},"excerpt":{"rendered":"

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta Widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This allows authenticated attackers, with access at level […]\n","protected":false},"author":0,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[816],"class_list":["post-3103","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-cve-2024-1377"],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3103"}],"collection":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=3103"}],"version-history":[{"count":0,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/3103\/revisions"}],"wp:attachment":[{"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=3103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=3103"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=3103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}